CASE 27 · HALCYON · 2026
A network that doesn’t need a senior engineer to debug.
A cross-border payments company had grown from one region to four with ad-hoc VPC peering between every pair of VPCs. The mesh had 38 connections and one person who understood it. We collapsed it to a Transit Gateway hub-and-spoke topology in each region, with inter-region peering and a route table per traffic class.
Cross-border payments
LANDING ZONE
2026
RESULTS
What changed, by the numbers.
VPC CONNECTIONS: 38 → 11
MTTR (NETWORK): −68%
INTER-REGION HOPS: 1
PEOPLE WHO CAN DEBUG: 4
HOW IT WENT
The diagram took a week to produce because the senior engineer was the only one with the full picture. Every new region had been added by extending the mesh; nobody had paused to redesign. Some peerings were transitive-via-firewall, some weren’t. Some routes were static, some weren’t.
We migrated VPC by VPC to Transit Gateway with three route tables — production, non-production, shared services — and a clean inter-region peering topology. Network Firewall handled north-south inspection; flow logs landed in a central account for the platform team.
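The route-table-per-class layout can be checked mechanically. The following is an added example, not the engagement's own code or configuration: it models each attachment as associated with the route table of its class, performs the same lookup an engineer would do by hand when debugging, and flags propagations that let production and non-production route to each other. Attachment names, CIDRs and the isolation policy are constructed assumptions.

```python
import ipaddress

# Constructed sample data: attachment names and CIDRs are invented for illustration.
ATTACHMENTS = {
    "payments-prod": ("production", "10.10.0.0/16"),
    "ledger-prod": ("production", "10.11.0.0/16"),
    "payments-dev": ("non-production", "10.20.0.0/16"),
    "shared": ("shared-services", "10.0.0.0/16"),
}

# Assumed policy: route table -> traffic classes allowed to propagate routes into it.
PROPAGATIONS = {
    "production": {"production", "shared-services"},
    "non-production": {"non-production", "shared-services"},
    "shared-services": {"production", "non-production", "shared-services"},
}

# Assumed isolation requirement: these class pairs must never have a route.
FORBIDDEN = {("production", "non-production"), ("non-production", "production")}


def build_tables(attachments, propagations):
    """Return {route_table: [(network, attachment), ...]} from propagations."""
    return {
        table: [(ipaddress.ip_network(cidr), name)
                for name, (cls, cidr) in attachments.items() if cls in sources]
        for table, sources in propagations.items()
    }


def next_hop(tables, attachments, src, dst_ip):
    """Look up dst_ip in the table associated with src; longest prefix wins."""
    table = tables[attachments[src][0]]  # association: one table per class
    addr = ipaddress.ip_address(dst_ip)
    hits = [(net.prefixlen, name) for net, name in table if addr in net]
    return max(hits)[1] if hits else None  # None means no route: packet is dropped


def isolation_violations(attachments, propagations, forbidden):
    """List (src, dst) attachment pairs that can route despite the policy."""
    tables = build_tables(attachments, propagations)
    found = []
    for src, (src_cls, _) in attachments.items():
        for dst, (dst_cls, cidr) in attachments.items():
            if (src_cls, dst_cls) in forbidden:
                first_host = str(ipaddress.ip_network(cidr)[1])
                if next_hop(tables, attachments, src, first_host) == dst:
                    found.append((src, dst))
    return sorted(found)
```

Run against exported route-table state on a schedule, a non-empty result from `isolation_violations` is the signal that a propagation has drifted from the intended segmentation.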
After cutover, four engineers ran a tabletop debugging exercise on a synthetic incident. All four found the root cause inside fifteen minutes. The original engineer took the next two weeks off. Nothing broke.